Re: Alias piping + mysql in virtual domains
On Dec 30, 2008, at 10:45 PM, Wietse Venema wrote: Sahil Tandon: Joselito wrote: I'm moving an existing domain to virtual mailboxes. All the info is stored in a mysql database. Currently all devlivery and alias mapping is working correctly; I'm using virtual_mailbox_maps, virtual_alias_maps and virtual_mailbox_domains stored in the sql backend. Problem is that aliases that pipe to a command and aren't delivered anywhere - this is most common for mailing list software like mailman and smartlist. Dropping the piped command into the destination side of an alias map results in a bounce mail, and the logs show an unknown user error. The current workaround that I'm using is to alias to another alias in /etc/aliases (obviously a flat file, not an sql backend) which is aliased to the pipe. You cannot pipe to programs from virtual alias maps; use local aliases as you currently do, or route to an address that resolves (via transport_maps) to a pipe transport. See also examples in http://www.postfix.org/VIRTUAL_README.html for delivery to command. Wietse Ugh, that's what I get for reading everything very closely up to the point I need, instead of the whole page, where I miss the gigantic section at the bottom that talks about this issue. Whoops.
Re: Enforcing sending domain from the inside network
O/H mouss έγραψε: D. Karapiperis a écrit : O/H Wietse Venema έγραψε: Since he asked for a nice way to specify this in Postfix, a nice implementation of this would look like this: /etc/postfix/main.cf: smtpd_sender_restrictions = permit_mydomain, reject_mynetworks Where the details are hidden by restriction classes: /etc/postfix/main.cf: restriction_classes = permit_mydomain, reject_mynetworks permit_mydomain = check_sender_access hash:/etc/postfix/sender_access reject_mynetworks = check_client_access cidr:/etc/postfix/client_access.cidr hash:/etc/postfix/sender_access example.compermit /etc/postfix/client_access.cidr 192.168.0.0/24 reject must send mail as u...@example.com Note that moving this into smtpd_recipient_restrictions would make this an open relay, as anyone can claim to have a sender address in your domain. Wietse Many thanks for your replies, u really help a lot. I cannot understand why if we move the statement on the smtpd_recipient_restricitons will end up on open relay. Again check_sender_access will examine the MAIL FROM right? and the client access the IP, right? permit_mydomain returns a permit, so the message is accepted and no further checks are done. in particular, reject_unauth_destination is skipped. in short, if a spammer forges sends as j...@example.com, the message is accepted even if it goes to an external domain. and this is open relay Open relay will not take place if the checks are included on smtpd_sender_restrictions?
Re: Cannot get local mail delivered locally
Frank Millman wrote:
Assume our domain name is example.com, and our email addresses are
f...@example.com, b...@example.com, etc.
In main.cf, I had the following -
myhostname = fcserver.example.com
mydomain = example.com
myorigin = $mydomain
I have now changed it to -
myhostname = example.com
mydomain = com
myorigin = $mydomain
It now works, but I don't know why. I thought my domain name was
example.com, and each machine on the network should have a host name of
{host}.example.com.
Please can someone explain where I went wrong.
Please post the output of postconf -n of the working config and
non-working config. The above really isn't enough to figure out what
your problem is/was.
Re: Cannot get local mail delivered locally
Frank Millman wrote: Before (not working) mydestination = $myhostname, localhost.$mydomain, localhost mydomain = example.com myhostname = fcserver.example.com myorigin = $mydomain example.com is not in $mydestination, so Postfix relays all example.com mail to $relayhost. After (working) --- mydestination = $myhostname, localhost.$mydomain, localhost mydomain = com myhostname = example.com myorigin = $mydomain You changed $myhostname to example.com, which put example.com in $mydestination, so Postfix now delivers example.com mail to your mailboxes. Of course, you now have an incorrect $mydomain and $myhostname. The following should work: mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mydomain = example.com myhostname = fcserver.example.com myorigin = $mydomain
Re: Enforcing sending domain from the inside network
D. Karapiperis a écrit : Open relay will not take place if the checks are included on smtpd_sender_restrictions? an OK in smtpd_sender_restrictions does not skip smtpd_recipient_restrictions, and relay check is done in the latter (reject_unauth_destination).
RE: Cannot get local mail delivered locally
Darren Pilgrim wrote: Frank Millman wrote: Before (not working) mydestination = $myhostname, localhost.$mydomain, localhost mydomain = example.com myhostname = fcserver.example.com myorigin = $mydomain example.com is not in $mydestination, so Postfix relays all example.com mail to $relayhost. After (working) --- mydestination = $myhostname, localhost.$mydomain, localhost mydomain = com myhostname = example.com myorigin = $mydomain You changed $myhostname to example.com, which put example.com in $mydestination, so Postfix now delivers example.com mail to your mailboxes. Of course, you now have an incorrect $mydomain and $myhostname. The following should work: mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mydomain = example.com myhostname = fcserver.example.com myorigin = $mydomain Thanks very much, Darren. It works, and now I understand what is going on. Much appreciated. Frank
rewrite recipients after /etc/aliases is processed
Hi all, I'm trying to figure out how I can deliver mail usern...@examplehost.example.com to a central mail server (smtp.example.com) without setting myorigin = $mydomain on the example host, because I would like to see where the mail originiated or was originally sent to in the sender address. I tried to use recipient canonical maps @examplehost.example.com @example.com but then /etc/aliases is not used e.g. to forward email. I there a way, to rewrite recipient adresses *after* /etc/aliases has been processed? many thanks, Hp signature.asc Description: This is a digitally signed message part
Re: rewrite recipients after /etc/aliases is processed
Hanspeter Kunz a écrit : Hi all, I'm trying to figure out how I can deliver mail usern...@examplehost.example.com to a central mail server (smtp.example.com) without setting myorigin = $mydomain on the example host, because I would like to see where the mail originiated or was originally sent to in the sender address. I tried to use recipient canonical maps @examplehost.example.com @example.com don't do that. but then /etc/aliases is not used e.g. to forward email. why use /etc/aliases to forward mail? use transport_maps: examplehost.example.com relay:[192.168.1.2] I there a way, to rewrite recipient adresses *after* /etc/aliases has been processed?
Re: rewrite recipients after /etc/aliases is processed
On Wed, 2008-12-31 at 14:28 +0100, mouss wrote: Hanspeter Kunz a écrit : Hi all, I'm trying to figure out how I can deliver mail usern...@examplehost.example.com to a central mail server (smtp.example.com) without setting myorigin = $mydomain on the example host, because I would like to see where the mail originiated or was originally sent to in the sender address. I tried to use recipient canonical maps @examplehost.example.com @example.com don't do that. but then /etc/aliases is not used e.g. to forward email. why use /etc/aliases to forward mail? use transport_maps: examplehost.example.com relay:[192.168.1.2] well, my intention was to use /etc/aliases for forwarding mail adresses like root, webmaster, logcheck, etc. to real users. This would be different users on every host. That's why I want first to process /etc/aliases and then route the mail to our central mail server. any idea how I could do such a thing? or can I do a host-based mail-forwarding on the central server, i.e. forwarding mail for root to different sets of users, depending on which host sent the mail? many thanks, Hp. -- Hanspeter Kunz University of Zurich Systems Administrator Department of Information Technology Email: hk...@ifi.uzh.ch Binzmühlestrasse 14 Tel: +41.(0)44.63-56714 Office 2.E.0 http://www.ifi.uzh.ch CH-8050 Zurich, Switzerland Spamtraps: hkunz.bo...@ailab.ch hkunz.bo...@ifi.uzh.ch --- A boy spent years collecting postage stamps. The girl next door bought an album too, and started her own collection. Dad, she buys everything I've bought, and it's taken all the fun out of it for me. I'm quitting. Don't, son, remember, 'Imitation is the sincerest form of philately.' signature.asc Description: This is a digitally signed message part
Re: rewrite recipients after /etc/aliases is processed
Hanspeter Kunz: well, my intention was to use /etc/aliases for forwarding mail adresses like root, webmaster, logcheck, etc. to real users. This would be different users on every host. That's why I want first to process /etc/aliases and then route the mail to our central mail server. /etc/aliases is used only for domains in $mydestination. This is documented behavior, and will not be changed. To rewrite address that don't deliver locally, use virtual_alias_maps (NOT virtual_alias_domains) to rewrite root etc, into real recipients. Wietse
Re: postfix questions: when emails are being rejected...
On Dec 31, 2008, at 1:51 AM, Hwan Dong wrote: much thanks for your comments. I looked at the backoff. But it is to delay the undelieverable messages, is there any way to delay all the following message for the SAME destination domain? i.e. if one email to a...@hotmail.com is rejected, I still have lots of emails to users from hotmail.com, can postfix delay all emails to hotmail.com after rejection to a...@hotmail.com? Why are you slowing down the delivery of supposedly valid mails because of one user? Again, what problem are you trying to fix, and why is this rejection happening? Logs showing this would be useful. More reading: http://www.postfix.org/ TUNING_README.html#mailing_tips Pay special attention to 'Tuning the frequency of deferred mail delivery attempts'.
Re: postfix questions: when emails are being rejected...
Hwan Dong: Hi there, ? Instead of?paying email professionals, I set up a postfix SMTP server to s -end emails to the club members. I have also successfully enabled the delay b -etween sending to some ISPs. But as more as I am sending, I could still get -rejection. Do you have similar experience? Any insight or comments? Welcome to the real world. Some ISPs have acceptable use limits. If you want to send more than an occasional email message then you will have to become whitelisted. I don't think it is a good idea to build broken-by-design features into Postfix (*), especially when their sole purpose is to circumvent ISP acceptable use limitats. Wietse (*) Such as suspending all delivery to yahoo.com after only one recipient is rejected with a temporary error.
Re: Delivered to command difference if .procmailrc exists
Your measurements use two different users, one with .procmailrc file and one without .procmailrc file. To prove that the difference in behavior is caused by the presence or absence of .procmailrc files, you need to deliver mail to the EXACT SAME user and change NOTHING except the presence/existence of the .procmailrc file. Wietse
Re: rewrite recipients after /etc/aliases is processed
On Wed, 2008-12-31 at 08:50 -0500, Wietse Venema wrote: Hanspeter Kunz: well, my intention was to use /etc/aliases for forwarding mail adresses like root, webmaster, logcheck, etc. to real users. This would be different users on every host. That's why I want first to process /etc/aliases and then route the mail to our central mail server. /etc/aliases is used only for domains in $mydestination. This is documented behavior, and will not be changed. sure. To rewrite address that don't deliver locally, use virtual_alias_maps (NOT virtual_alias_domains) to rewrite root etc, into real recipients. thanks for your inputs (also to mouss). For the record, I decided to do it the other way round: * mail is delivered locally (so that /etc/aliases is processed) * an additional ldap-aliases-table reroutes mails for real users to the central mail server. thanks again, Hp. signature.asc Description: This is a digitally signed message part
Re: Delivered to command difference if .procmailrc exists
On Wed, Dec 31, 2008 at 7:39 AM, Wietse Venema wie...@porcupine.org wrote: To prove that the difference in behavior is caused by the presence or absence of .procmailrc files, you need to deliver mail to the EXACT SAME user and change NOTHING except the presence/existence of the .procmailrc file. Doh! Yes, when I move the .procmailrc out of the way postfix/local still delivers as /usr/bin/procmail. I also found one account that has a .procmailrc and it is delivering to command according to mailbox_command, procmail -a $EXTENSION. The difference is not caused by the presence or absence of the .procmailrc files. The almost 100% correlation must be nothing more than a coincidence. Yesterday I asked about this on IRC and somone had the faq bot display the local_transport postconf documentation. I verified that my local_transport, transport_maps, and all other *transport* parameters were the default values, and that all of my users are local. I found a post that seemed similar to my problem [1] but the way they described it working seemed backwards from the documentation and other posts [2]. [1] http://www.mail-archive.com/debian-user-ger...@lists.debian.org/msg37310.html [2] http://archives.neohapsis.com/archives/postfix/2004-07/0805.html There must be some difference in the mapping or something between accounts or some mapping or aliasing that makes this happen, but I am at a loss to know what it is. I might have a better chance if I knew where /usr/bin/procmail was being picked up from. -- Jacob Anawalt
Re: Delivered to command difference if .procmailrc exists
On Wed, Dec 31, 2008 at 10:17:05AM -0700, Jacob Anawalt wrote: There must be some difference in the mapping or something between accounts or some mapping or aliasing that makes this happen, but I am at a loss to know what it is. I might have a better chance if I knew where /usr/bin/procmail was being picked up from. Assuming mail is delivered by local(8) (which you can see from your logs), the list of all possible delivery options for local(8) is documented in that manpage. The associated configuration parameters are in order: alias_maps (see 'postconf -d' output) The alias databases that are used for local(8) delivery. forward_path (see 'postconf -d' output) The local(8) delivery agent search list for finding a .forward file with user-specified delivery methods. mailbox_transport_maps (empty) Optional lookup tables with per-recipient message delivery transports to use for local(8) mailbox delivery, whether or not the recipients are found in the UNIX passwd database. mailbox_transport (empty) Optional message delivery transport that the local(8) delivery agent should use for mailbox delivery to all local recipients, whether or not they are found in the UNIX passwd database. mailbox_command_maps (empty) Optional lookup tables with per-recipient external commands to use for local(8) mailbox delivery. mailbox_command (empty) Optional external command that the local(8) delivery agent should use for mailbox delivery. home_mailbox (empty) Optional pathname of a mailbox file relative to a local(8) user's home directory. mail_spool_directory (see 'postconf -d' output) The directory where local(8) UNIX-style mailboxes are kept. fallback_transport_maps (empty) Optional lookup tables with per-recipient message delivery transports for recipients that the local(8) delivery agent could not find in the aliases(5) or UNIX password database. fallback_transport (empty) Optional message delivery transport that the local(8) delivery agent should use for names that are not found in the aliases(5) or UNIX password database. luser_relay (empty) Optional catch-all destination for unknown local(8) recipients. If mail is delivered to a command running as the target user, the only possible mechanisms are: .forward mailbox command as configured via: forward_path mailbox_command_maps mailbox_command If mail is delivered to a command running as a fixed user, the possible mechanisms are: aliases # |/some/cmd args mailbox transport # pipe-transport:dummy-nexthop fallback transport # pipe-transport:dummy-nexthop as configured via: alias_maps mailbox_transport_maps mailbox_transport fallback_transport_maps fallback_transport There is no other way for local(8) to spawn a delivery command. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: Delivered to command difference if .procmailrc exists
Jacob Anawalt: On Wed, Dec 31, 2008 at 7:39 AM, Wietse Venema wie...@porcupine.org wrote: To prove that the difference in behavior is caused by the presence or absence of .procmailrc files, you need to deliver mail to the EXACT SAME user and change NOTHING except the presence/existence of the .procmailrc file. Doh! Yes, when I move the .procmailrc out of the way postfix/local still delivers as /usr/bin/procmail. I also found one account that has a .procmailrc and it is delivering to command according to mailbox_command, procmail -a $EXTENSION. The difference is not caused by the presence or absence of the .procmailrc files. The almost 100% correlation must be nothing more than a coincidence. The user's .forward file takes precedence over mailbox delivery. Wietse
Postfix and multiple smarthosts
Hi, I am trying to find the answer whether Postfix will support multiple smarthosts - i.e, sending to specific smarthosts, and if one fails, it will try to send to the next one in the list, or will just use any smart host in the list without issue? I have found several examples of using smart host routing based on destination domain, but this is not what I want to do. Thanks. Andrew.
Solved: Re: Delivered to command difference if .procmailrc exists
On Wed, Dec 31, 2008 at 10:40 AM, Wietse Venema wie...@porcupine.org wrote: The user's .forward file takes precedence over mailbox delivery. Almost every user with a .procmailrc had a .forward calling | /usr/bin/procmail. Moving .foward out of the way for the same user as I moved .procmailrc now shows postfix/local delivered to command: procmail -a $EXTENSION Thank you very much Wietse and Viktor. -- Jacob Anawalt
RE: Postfix and multiple smarthosts
Wietse Venema wrote: Andrew Hodgson: I am trying to find the answer whether Postfix will support multiple smarthosts - i.e, sending to specific smarthosts, and if one fails, it will try to send to the next one in the list, or will just use any smart host in the list without issue? relayhost = [one.example.com] smtp_fallback_relay = [another.example.com] Thanks for that. Happy new year, Andrew.
Re: Postfix and multiple smarthosts
On Wed, Dec 31, 2008 at 05:38:33PM +, Andrew Hodgson wrote:
I am trying to find the answer whether Postfix will support multiple
smarthosts - i.e, sending to specific smarthosts, and if one fails, it
will try to send to the next one in the list, or will just use any
smart host in the list without issue?
Season to taste:
/etc/postfix/main.cf:
relayhost = example.com
/etc/named.conf:
options {
directory /var/named/data;
};
zone example.com in {
type master;
file example.com;
};
/var/named/data/example.com
$TTL 2D;
@ IN SOA a.ns.example.com hostmaster.example.com (
1 ; Serial
10800 ; Refresh after 3 hours
3600; Retry after 1 hour
604800 ; Expire after 1 week
3600 ) ; Minimum TTL of 1 hour
@ IN NS a.ns
@ IN NS b.ns
a.ns IN A 192.0.2.1
b.ns IN A 192.0.2.2
@ IN MX 0 a.mx
@ IN MX 1 b.mx
@ IN MX 2 c.mx
a.mx IN A 192.0.2.3
b.mx IN A 192.0.2.4
c.mx IN A 192.0.2.5
Non-local mail is sent to a.mx.example.com if that fails, it is sent
to b.mx.example.com and finally c.mx.example.com, or you can adjust
the MX preferences to be equal to get stastical load-balancing.
Alternatively, if all SMTP deliveries go to the smarthost, and you
don't want to or can't change DNS:
relayhost = [a.mx.example.com]
smtp_fallback_relay = [b.mx.example.com], [c.mx.example.com]
you can adjust the master.cf file to specify different SMTP fallback relay
lists for different (e.g. smtp unix vs. relay unix) SMTP transports.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
mailto:majord...@postfix.org?body=unsubscribe%20postfix-users
If my response solves your problem, the best way to thank me is to not
send an it worked, thanks follow-up. If you must respond, please put
It worked, thanks in the Subject so I can delete these quickly.
Richmond H Dyes/mchhosp.gov is out of the office.
I will be out of the office starting 12/31/2008 and will not return until 01/05/2009. If it is an emergency, the help line at 760-6277 -- Confidentiality Notice -- This email message, including all the attachments, is for the sole use of the intended recipient(s) and contains confidential information. Unauthorized use or disclosure is prohibited. If you are not the intended recipient, you may not use, disclose, copy or disseminate this information. If you are not the intended recipient, please contact the sender immediately by reply email and destroy all copies of the original message, including attachments.
Rejecting emails with invalid/unlikely dates?
Hi, I've been looking around but so far haven't been able to find anything (partly because it's difficult to phrase a search query!). If someone has a solution/config for this then that'd be great. Before anyone points out issues with GMail and lack of control, this is all being done on a domain on a VPS. I'm just using my Gmail address for the mailing list :) Basically, 99% of the spam I get (which is only a small amount compared to some people) is either a) purporting to be from me, to me or b) has a date that Thunderbird reports as 1976 or 2038 (but is really 3609 or just 38). I've resolved the first part with SPF records and checking them in Postfix, but I can't work out how to get Postfix to reject mail that is outside a 14 day window from today (or silently dispose of it if it's not possible because it has to get too far in to the system to fail it). Any suggestions would be great. Thanks, IBBoard
Re: Rejecting emails with invalid/unlikely dates?
IBBoard wrote: I've been looking around but so far haven't been able to find anything (partly because it's difficult to phrase a search query!). If someone has a solution/config for this then that'd be great. Before anyone points out issues with GMail and lack of control, this is all being done on a domain on a VPS. I'm just using my Gmail address for the mailing list :) Basically, 99% of the spam I get (which is only a small amount compared to some people) is either a) purporting to be from me, to me or b) has a date that Thunderbird reports as 1976 or 2038 (but is really 3609 or just 38). I've resolved the first part with SPF records and checking them in Postfix, but I can't work out how to get Postfix to reject mail that is outside a 14 day window from today (or silently dispose of it if it's not possible because it has to get too far in to the system to fail it). You need a content filter for this. Header checks can do this; however, they're static, so you have the problem of updating them constantly to keep the validity window moving. Plus there's the issue of date formats. The best way, IMO, is a policy service that can grok a wide variety of date formats and check if the date is within 14 days of the current time. There are spamassassin rules for future dates in message headers, so you might try that route instead of rolling your own.
RE: Postfix and multiple smarthosts
Victor Duchovni wrote: On Wed, Dec 31, 2008 at 05:38:33PM +, Andrew Hodgson wrote: I am trying to find the answer whether Postfix will support multiple smarthosts - i.e, sending to specific smarthosts, and if one fails, it will try to send to the next one in the list, or will just use any smart host in the list without issue? [snip Bind config illustrating this can be done using DNS and MX records] Non-local mail is sent to a.mx.example.com if that fails, it is sent to b.mx.example.com and finally c.mx.example.com, or you can adjust the MX preferences to be equal to get stastical load-balancing. I did actually get this to work a couple of days ago, however in my case I manipulated DNS records on the content DNS server that resolv.conf was pointing at. However, I want to try and do that with the Postfix conf if possible. Alternatively, if all SMTP deliveries go to the smarthost, and you don't want to or can't change DNS: relayhost = [a.mx.example.com] smtp_fallback_relay = [b.mx.example.com], [c.mx.example.com] Ah, we can put two here can we? Can you put two entries in the relayhost section also? To make matters more complex, we actually have two Postfix servers at different sites with different Internet links at each site. It would be nice to do the following: Main site: Smarthost to external servers (1 or 2 in any preference) If unable to connect to either of these servers send the mail to the server at the second site (via private link) Second site: Same as above but probably no fallback smarthost as I don't want mail loops if both Internet connections are down or the two smart hosts go offline. We are using these two servers as edge servers backing off to an Exchange server at the primary site. We are not deploying Exchange edge servers due to the 64-bit requirement as currently we have several well specked machines which will run fine with Postfix et al, and I did the same type of thing a few years ago with another Unix MTA, but I am getting really used to Postfix config now, and want to keep it if possible. Thanks. Andrew.
Finding the envelope-sender after always_bcc?
Hi: After reading http://www.irbs.net/internet/postfix/0703/1471.html and http://www.irbs.net/internet/postfix/0703/1519.html to help with my autoreply capability (and making sure i get it as close to right as possible!), I am trying to ensure that I can take all reasonable measures to get the autoreplies right (when they are sent). to this end, it's important that I capture the envelope-sender of each message in addition to the From: header, but I am having difficulty doing so. I have tried to send the message to my autoreply script via bcc: (via always_bcc or recipient_bcc_maps) to a local autoreply address which then has the transport autoreply: which calls the autoreply script via pipe or is a local alias that resolves to '|/path/to/autoreply/ script'. The transport mechanism has the ability to pass information from postfix, but doesn't seem to capture the envelope-sender correctly. I have tried using every single one of the macros listed in http://www.postfix.com/pipe.8.html to no avail. I have even used some macros that are not listed, but I've found in other examples as I've searched for solutions. This happens with mail sent to alias addresses as well as virtual mailboxes. Some e-mails from lists to which I subscribe include a Sender: header which looks like it contains the envelope-sender. Mail that shows up in my standard ISP account (not ever touching my postfix installation) seems to include the Return-Path: header which includes the envelope-sender. Leading me to two questions: 1) on-topic: How can I be sure I can find the envelope-sender for every message and pass that to my script? Or maybe I should ask it this way: How do I get postfix to keep the correct envelope-sender? 2) broader: Is the list of macros that can be used as arguments to a pipe command (as listed in http://www.postfix.com/pipe.8.html) complete? or are there others (like the ones I've found)? and where can I find a complete list? I would appreciate any help, direction or pointers that anyone can offer. It might help to know that messages entering my postfix server are then passed to a content_filter (Dspam, specifically, using content_filter=dspam:dspam), which then re-injects them back into postfix which then handles them and sends them to a delivery agent (mostly maildrop, sometimes virtual). If the order of this (and the passing through dpsam is affecting the envelope-sender, is there way to either get the message to the autoreply script before it goes to dspam (I don't want that, since I don't autoreply to spam messages) or a way to pass the envelope-sender through dpsam, or something else I haven't considered? Thank you!! and happy new year!!
Re: Postfix and multiple smarthosts
On Wed, Dec 31, 2008 at 10:42:43PM +, Andrew Hodgson wrote: Ah, we can put two here can we? Can you put two entries in the relayhost section also? Best to avoid reasoning by analogy when one can reason from facts. The parameters are documented: http://www.postfix.org/postconf.5.html#relayhost The next-hop destination of non-local mail; overrides non-local domains in recipient addresses. ... http://www.postfix.org/postconf.5.html#smtp_fallback_relay Optional list of relay hosts for SMTP destinations that can't be found or that are unreachable. ... The use of the singular in the first case and plural in the second is reasonably clear. -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: mailto:majord...@postfix.org?body=unsubscribe%20postfix-users If my response solves your problem, the best way to thank me is to not send an it worked, thanks follow-up. If you must respond, please put It worked, thanks in the Subject so I can delete these quickly.
Re: Finding the envelope-sender after always_bcc?
Jeff Weinberger a écrit :
Hi:
After reading http://www.irbs.net/internet/postfix/0703/1471.html and
http://www.irbs.net/internet/postfix/0703/1519.html to help with my
autoreply capability (and making sure i get it as close to right as
possible!), I am trying to ensure that I can take all reasonable
measures to get the autoreplies right (when they are sent). to this end,
it's important that I capture the envelope-sender of each message in
addition to the From: header, but I am having difficulty doing so.
yes, don't reply to From: addresses. if you can't get the envelope
sender, don't autoreply.
I have tried to send the message to my autoreply script via bcc: (via
always_bcc or recipient_bcc_maps) to a local autoreply address which
then has the transport autoreply: which calls the autoreply script via
pipe or is a local alias that resolves to '|/path/to/autoreply/script'.
The transport mechanism has the ability to pass information from
postfix, but doesn't seem to capture the envelope-sender correctly.
The envelope sender should be found in the Retrun-Path header. when
using a pipe, make sure to put the 'R' flag in the flags=... options.
you can also use -f ${sender} in your pipe and have your scrpit parse
command line args.
I have tried using every single one of the macros listed in
http://www.postfix.com/pipe.8.html to no avail. I have even used some
macros that are not listed, but I've found in other examples as I've
searched for solutions.
This happens with mail sent to alias addresses as well as virtual
mailboxes.
Some e-mails from lists to which I subscribe include a Sender: header
which looks like it contains the envelope-sender. Mail that shows up in
my standard ISP account (not ever touching my postfix installation)
seems to include the Return-Path: header which includes the
envelope-sender.
Leading me to two questions:
1) on-topic: How can I be sure I can find the envelope-sender for every
message and pass that to my script? Or maybe I should ask it this way:
How do I get postfix to keep the correct envelope-sender?
always_bcc does not change the envelope sender (it changes the envelope
recipient). so you get the correct envelope sender.
2) broader: Is the list of macros that can be used as arguments to a
pipe command (as listed in http://www.postfix.com/pipe.8.html) complete?
or are there others (like the ones I've found)? and where can I find a
complete list?
I would appreciate any help, direction or pointers that anyone can offer.
It might help to know that messages entering my postfix server are then
passed to a content_filter (Dspam, specifically, using
content_filter=dspam:dspam), which then re-injects them back into
postfix which then handles them and sends them to a delivery agent
(mostly maildrop, sometimes virtual). If the order of this (and the
passing through dpsam is affecting the envelope-sender, is there way to
either get the message to the autoreply script before it goes to dspam
(I don't want that, since I don't autoreply to spam messages) or a way
to pass the envelope-sender through dpsam, or something else I haven't
considered?
check your logs to see if the envelope sender is present at delivery
time. if your content filters and other stuff reinjects mail using the
sendmail command, make sure to use -f to passe the (original)
envelope-sender.
Re: Rejecting emails with invalid/unlikely dates?
Darren Pilgrim a écrit : IBBoard wrote: I've been looking around but so far haven't been able to find anything (partly because it's difficult to phrase a search query!). If someone has a solution/config for this then that'd be great. Before anyone points out issues with GMail and lack of control, this is all being done on a domain on a VPS. I'm just using my Gmail address for the mailing list :) Basically, 99% of the spam I get (which is only a small amount compared to some people) is either a) purporting to be from me, to me or b) has a date that Thunderbird reports as 1976 or 2038 (but is really 3609 or just 38). I've resolved the first part with SPF records and checking them in Postfix, but I can't work out how to get Postfix to reject mail that is outside a 14 day window from today (or silently dispose of it if it's not possible because it has to get too far in to the system to fail it). You need a content filter for this. and to reject, he needs to run it in pre-queue mode (proxy_filter). or he could use a milter such as milter-regex. Header checks can do this; however, they're static, so you have the problem of updating them constantly to keep the validity window moving. He can use a cron to update the header_checks daily. This is simpler than milter/proxy_filter. Plus there's the issue of date formats. This is not a problem here, since he wants to block known spam. so he can write expressions for that spam. and if he only wants to block on the year, then it's even easier. The best way, IMO, is a policy service that can grok a wide variety of date formats and check if the date is within 14 days of the current time. a policy service doesn't see headers. a milter or a proxy_filter does. There are spamassassin rules for future dates in message headers, so you might try that route instead of rolling your own. this is indeed easier and maybe safer (well, if OP uses spamassassin).
Re: Finding the envelope-sender after always_bcc?
On Dec 31, 2008, at 6:11 PM, mouss wrote:
Jeff Weinberger a écrit :
Hi:
After reading http://www.irbs.net/internet/postfix/0703/1471.html and
http://www.irbs.net/internet/postfix/0703/1519.html to help with my
autoreply capability (and making sure i get it as close to right as
possible!), I am trying to ensure that I can take all reasonable
measures to get the autoreplies right (when they are sent). to this
end,
it's important that I capture the envelope-sender of each message in
addition to the From: header, but I am having difficulty doing so.
yes, don't reply to From: addresses. if you can't get the envelope
sender, don't autoreply.
I have tried to send the message to my autoreply script via bcc: (via
always_bcc or recipient_bcc_maps) to a local autoreply address which
then has the transport autoreply: which calls the autoreply script
via
pipe or is a local alias that resolves to '|/path/to/autoreply/
script'.
The transport mechanism has the ability to pass information from
postfix, but doesn't seem to capture the envelope-sender correctly.
The envelope sender should be found in the Retrun-Path header. when
using a pipe, make sure to put the 'R' flag in the flags=...
options.
you can also use -f ${sender} in your pipe and have your scrpit parse
command line args.
I have tried using every single one of the macros listed in
http://www.postfix.com/pipe.8.html to no avail. I have even used some
macros that are not listed, but I've found in other examples as I've
searched for solutions.
This happens with mail sent to alias addresses as well as virtual
mailboxes.
Some e-mails from lists to which I subscribe include a Sender:
header
which looks like it contains the envelope-sender. Mail that shows
up in
my standard ISP account (not ever touching my postfix installation)
seems to include the Return-Path: header which includes the
envelope-sender.
Leading me to two questions:
1) on-topic: How can I be sure I can find the envelope-sender for
every
message and pass that to my script? Or maybe I should ask it this
way:
How do I get postfix to keep the correct envelope-sender?
always_bcc does not change the envelope sender (it changes the
envelope
recipient). so you get the correct envelope sender.
2) broader: Is the list of macros that can be used as arguments to a
pipe command (as listed in http://www.postfix.com/pipe.8.html)
complete?
or are there others (like the ones I've found)? and where can I
find a
complete list?
I would appreciate any help, direction or pointers that anyone can
offer.
It might help to know that messages entering my postfix server are
then
passed to a content_filter (Dspam, specifically, using
content_filter=dspam:dspam), which then re-injects them back into
postfix which then handles them and sends them to a delivery agent
(mostly maildrop, sometimes virtual). If the order of this (and the
passing through dpsam is affecting the envelope-sender, is there
way to
either get the message to the autoreply script before it goes to
dspam
(I don't want that, since I don't autoreply to spam messages) or a
way
to pass the envelope-sender through dpsam, or something else I
haven't
considered?
check your logs to see if the envelope sender is present at delivery
time. if your content filters and other stuff reinjects mail using the
sendmail command, make sure to use -f to passe the (original)
envelope-sender.
Thank you!
I've verified that the R flag is there and I use -f ${sender} on the
command line (the script does parse the arguments)
I think the envelope-sender is missing before it enters the content
filter. This from my mail.log:
Dec 31 19:50:07 s postfix/qmgr[3345]: A4C5E2943D74:
from=m...@myisp.tld, size=1505, nrcpt=1 (queue active)
Dec 31 19:50:07 s postfix/smtpd[3340]: disconnect from
smtp120.isp.mail.sp1.myisp.tld[69.147.64.93]
Dec 31 19:50:07 s dspam[3356]: query error: VERBOSE DEBUG (INFO ONLY -
NOT AN ERROR): see sql.errors for more details
Dec 31 19:50:09 s postfix/smtpd[3348]: connect from localhost[127.0.0.1]
Dec 31 19:50:09 s postfix/smtpd[3348]: 646A62943D79:
client=localhost[127.0.0.1]
Dec 31 19:50:09 s postfix/cleanup[3344]: 646A62943D79: message-id=fb0b0ed6-d05d-48c6-a077-10662907d...@myisp.tld
Dec 31 19:50:09 s postfix/qmgr[3345]: 646A62943D79: from=,
size=2936, nrcpt=1 (queue active)
Dec 31 19:50:09 s postfix/smtpd[3348]: disconnect from
localhost[127.0.0.1]
Dec 31 19:50:09 s postfix/pipe[3346]: A4C5E2943D74: to=mypost...@virtualmailbox.tld
, relay=dspam, delay=5.1, delays=3.4/0/0/1.7, dsn=2.0.0, status=sent
(delivered via dspam service)
(identifying information removed)
The from= in the third-to-last line I assume should be the
envelope-sender?
This happens whether I send from my ISP mail address, another locally-
hosted virtual mailbox or anywhere else.
Is this part of the problem?
If so, where can I start to look for a solution? or what information
would be
Looping in new production machine!
I'm not sure, I may have an unusual dns setup on this mail server. The primary host name is math.missouri.edu, but it has an alias of math.math.missouri.edu. In any case, I'm getting the dreaded: status=SOFTBOUNCE (mail for math.math.missouri.edu loops back to myself) Even though incoming messages are addressed to x...@math.missouri.edu. Yet it doesn't happen to all incoming messages. Has anyone seen this behavior? Here are the relevant variables from main.cf: mydomain = math.missouri.edu myhostname = math.missouri.edu mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain inet_interfaces = $myhostname, localhost HELP!!! Rich
